Mischief Kid ~ Traboda Forensic Challenge Write Up

Challenge Description : Little Bart here is the biggest troublemaker in town. He is hiding the flag somewhere safe. Follow and bust out little Bart to get what you want!

Clue : They say Bart hates magic.

Challenge Link : https://app.traboda.com/challenge/498

Flag Format : inctfj{…}

Initially we are provided a zip file which consists of an image named busted.png

busted.png

Lets verify whether any image/data is hidden in busted.png

Open a terminal and execute

binwalk -e mischief.jpg

We will get a new folder which contains another folder named Flag and some zlib file (not important)

On entering the Flag folder , we shall find an image named busted.png which is not viewable which raises an concern

On checking the file type of busted.png we shall that it is of text type.

Since they have mentioned that Bert hates magic , lets check the magic numbers of busted.png which can be found its hex dump .

To view the hex dump lets use a tool named ghex.

In a terminal execute..

ghex busted.png

On executing the above command we will be able to see the following window

See the first 8 elements of this dump

89 4E 0D 0A 1A 0A 00 00 

But the correct header for a png file is

89 50 4E 47 0D 0A 1A 0A

Make the required changes in the header of the image. After doing those changes you will be able to view the image which also contains the flag for this challenge.

busted.png

The flag for this image is inctfj{_4Ye_@aRr4mbB4_u_g0T_m3!}

Installing Binwalk and ghex

$ sudo apt install binwalk
$ sudo apt install ghex

Intro to Traboda : Traboda is an Cybersecurity Edutech from which provides 200+ challenges from various categories and competitions with difficulty ranging from beginners to experts.

Traboda - Learn CyberSecurity & Hacking